CVE-2021-41526
PUBLISHED
CVSS 7.8 HIGH
Multiple software installers provided by Brother Industries, Ltd. may insecurely load some dynamic link libraries.
- Uncontrolled search path element (CWE-427) - CVE-2016-2542, CVE-2021-41526

Kazuma Matsumoto of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Brother Industries, Ltd. and coordinated. After the coordination was completed, Brother Industries, Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.
EPSS 0.07% · 21.1th percentile
Risk Scores
CVSS 3.0
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.07%
21.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Brother Industries | Software Update Notification Updater | |
| Brother Industries | Universal Printer Driver for PCL | |
| Brother Industries | Universal Printer Driver for BR-Script (PostScript language emulation) | |
| Brother Industries | Universal Printer Driver | |
| Brother Industries | Status Monitor Update Tool | |
Exploit Intelligence
- CIRCL seen: CVE-2021-41526 (circl-sighting)
- https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message (circl)
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md (circl)
- 20240419 MindManager 23 - full disclosure (circl)
Timeline
- May 6, 2022 PoC Published
- May 6, 2022 PoC Published
- May 8, 2022 PoC Published
- Mar 29, 2023 CVE Published
- Mar 30, 2023 EPSS Score
- Mar 30, 2023 PoC Published
- May 7, 2023 EPSS Score
- Jun 14, 2023 EPSS Score
- Jul 23, 2023 EPSS Score
- Aug 30, 2023 EPSS Score
- Oct 7, 2023 EPSS Score
- Nov 14, 2023 EPSS Score